
New Cyber-Espionage Campaign Detection: Suspected China-Backed Actors Target High-Profile Organizations in Southeast Asia

| Attribute | Details |
|---|---|
| Threat Actors | China-backed APT groups, specifically Earth Baxia and Earth Baku (APT41, Brass Typhoon) |
| Campaign Overview | Ongoing cyber-espionage targeting high-profile organizations in Southeast Asia since October 2023 |
| Target Regions | Southeast Asia, Taiwan, APAC region |
| Methodology | Intelligence gathering, remote access tools, DLL sideloading, open-source tools, persistence tactics |
| Targets | Government ministries, air traffic control, telecom companies, media outlets |
| Malware Reference | Rakshasa, PlugX (Korplug), Stowaway, ReverseSSH, SharpGPOAbuse |
| Tools Used | Remote access tools, password collectors, keyloggers, DLL sideloading tools, Impacket |
| Vulnerabilities Exploited | DLL sideloading, execution of Impacket commands via WMI, authentication filters |
| TTPs | Persistence, data exfiltration, stealth access maintenance, password collection |
| Attribution | Linked to Chinese APT groups such as Earth Baxia, Earth Baku, Fireant, Budworm |
| Recommendations | SOC Prime solutions, Symantec protection bulletin for threat mitigation, detection automation |
| Source | SOC Prime |

Read full article: https://socprime.com/blog/chinese-apt-cyberespionage-southeast-asia-detection/

The above summary was generated by an AI language model.

Source: SOC Prime

Published on: December 11, 2024
